diff --git a/index.html b/index.html
index 98c3bf8..96f4890 100644
--- a/index.html
+++ b/index.html
@@ -76,7 +76,8 @@ <h3>Secure</h3>
             The Internet of Things cannot spread as long as it can be exploited by hackers willy-nilly.
             CoAP does not just pay lip service to security, it actually provides strong security.
             CoAP's default choice of DTLS parameters is equivalent to
-            3072-bit RSA keys, yet still runs fine on the smallest nodes.
+            3072-bit RSA keys, yet still runs fine on the smallest nodes. In addition, the OSCORE protocol is
+            an extension to CoAP for providing end-to-end security at the application layer.
           </p>
         </div>
       </div>
diff --git a/spec.html b/spec.html
index 12b3e43..761d59c 100644
--- a/spec.html
+++ b/spec.html
@@ -57,6 +57,14 @@ <h3>Group comm</h3>
             <a href='http://tools.ietf.org/html/rfc7390'>RFC 7390</a>
             provides additional information and protocol flows for how to use CoAP for group communication.
           </p>
+          <h3>OSCORE</h3>
+          <p>
+            <a href='https://tools.ietf.org/html/rfc8613'>RFC 8613</a>
+            defines Object Security for Constrained RESTful Environments (OSCORE)
+            which is a protocol for applying application-layer protection to CoAP messages
+            providing end-to-end security. The Java implementation of CoAP <a href='http://www.eclipse.org/californium/'>Californium</a>
+            includes support for OSCORE.
+          </p>
         </div>
         <div class='span4'>
           <h2>Dependent specifications</h2>